[KLUG Members] Iptables

Bruce Smith bruce at armintl.com
Mon Aug 22 14:13:32 EDT 2005


> >I block the default operation of IM services (not sure about http
> >configured IM's) by only allowing access to the internet through my
> >authenticated squid server.
> >
> >Unless a client supports an authenticated proxy, and my squid config
> >allows the required ports, my users don't go there.
> 
> I don't believe you're doing more than stopping the weak and infirm
> at this point. 

That's 99.9% of my users!  :-)

> I don't know of an IM that doesn't work on http, for example. 

Talking about internet programs in general (not just IM):

I've found many client programs don't support a proxy - they don't work.

I've found those clients which do support a proxy in their config, many
don't support an _authenticated_ proxy - those clients won't work.

Squid is configured to only allow "safe ports", other ports won't work.

It'd be interesting to see if any IM clients could be made to work
through my firewall setup.

> You might be stopping some services, like real-time ICQ chat
> and file transfer, but that's probably it. That assumes you're
> letting the user on the net at all, natch.

Yes, I'm talking about users who are authenticated on the proxy server,
which is not everyone here.

 - BS



